Attachment #394240 for bug #208703

View Details Raw Unified Return to Bug 208703

| Differences between



2020-03-16  Jiewen Tan  <jiewen_tan@apple.com>

        [WebAuthn] Customize a bit more on the macOS LocalAuthentication prompt
        https://bugs.webkit.org/show_bug.cgi?id=208703
        <rdar://problem/60136974>

        Reviewed by NOBODY (OOPS!).

        Part 2.

        This patch adds a different LocalAuthentication prompt title for getAssertion.
        And tunes a bit on the makeCredential string.

        Besides that, it also enhances the iOS titles as well.

        * en.lproj/Localizable.strings:
        * platform/LocalizedStrings.cpp:
        (WebCore::getAssertionTouchIDPromptTitle):
        * platform/LocalizedStrings.h:

2020-03-16  Megan Gardner  <megan_gardner@apple.com>

        Color Picker crashes on touch



2020-03-16  Jiewen Tan  <jiewen_tan@apple.com>

        [WebAuthn] Customize a bit more on the macOS LocalAuthentication prompt
        https://bugs.webkit.org/show_bug.cgi?id=208703
        <rdar://problem/60136974>

        Reviewed by NOBODY (OOPS!).

        Part 2.

        This patch adds a different LocalAuthentication prompt title for getAssertion.
        And tunes a bit on the makeCredential string.

        Besides that, it also enhances the iOS titles as well.

        * UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:
        (WebKit::LocalAuthenticator::continueMakeCredentialAfterDecidePolicy):
        (WebKit::LocalAuthenticator::continueGetAssertionAfterResponseSelected):
        * UIProcess/WebAuthentication/Cocoa/LocalConnection.h:
        * UIProcess/WebAuthentication/Cocoa/LocalConnection.mm:
        (WebKit::LocalConnection::verifyUser const):
        * UIProcess/WebAuthentication/Mock/MockLocalConnection.h:
        * UIProcess/WebAuthentication/Mock/MockLocalConnection.mm:
        (WebKit::MockLocalConnection::verifyUser const):

2020-03-16  Per Arne Vollan  <pvollan@apple.com>

        [macOS] Accessibility sandbox regressions

Lines 1-3 a/Source/WebCore/en.lproj/Localizable.strings_sec1
- a/Source/WebCore/en.lproj/Localizable.strings -8 / +11 lines
		1	/* Allow the specified bundle to use Touch ID to sign in to the specified website on this device */
		2	"“%@” would like to use Touch ID for “%@”." = "“%@” would like to use Touch ID for “%@”.";
		3
		4	/* "Allow the specified bundle to sign in to the specified website */
		5	"“%@” would like to sign in to “%@”." = "“%@” would like to sign in to “%@”.";
		6
1	/* accessibility help text for media controller time value >= 1 day */	7	/* accessibility help text for media controller time value >= 1 day */
2	"%1$d days %2$d hours %3$d minutes %4$d seconds" = "%1$d days %2$d hours %3$d minutes %4$d seconds";	8	"%1$d days %2$d hours %3$d minutes %4$d seconds" = "%1$d days %2$d hours %3$d minutes %4$d seconds";
3		9
Lines 313-321 a/Source/WebCore/en.lproj/Localizable.strings_sec2
313	/* Video Enter Full Screen context menu item */	319	/* Video Enter Full Screen context menu item */
314	"Enter Full Screen" = "Enter Full Screen";	320	"Enter Full Screen" = "Enter Full Screen";
315		321
316	/* Use passcode as a fallback to sign into this website */
317	"Enter passcode to sign into this website." = "Enter passcode to sign into this website.";
318
319	/* menu item */	322	/* menu item */
320	"Enter Picture in Picture" = "Enter Picture in Picture";	323	"Enter Picture in Picture" = "Enter Picture in Picture";
321		324
Lines 865-870 a/Source/WebCore/en.lproj/Localizable.strings_sec3
865	/* Unwanted software warning */	868	/* Unwanted software warning */
866	"This website may try to trick you into installing software that harms your browsing experience, like changing your settings without your permission or showing you unwanted ads. Once installed, it may be difficult to remove." = "This website may try to trick you into installing software that harms your browsing experience, like changing your settings without your permission or showing you unwanted ads. Once installed, it may be difficult to remove.";	869	"This website may try to trick you into installing software that harms your browsing experience, like changing your settings without your permission or showing you unwanted ads. Once installed, it may be difficult to remove." = "This website may try to trick you into installing software that harms your browsing experience, like changing your settings without your permission or showing you unwanted ads. Once installed, it may be difficult to remove.";
867		870
		871	/* This website would like to use Touch ID */
		872	"This website would like to use Touch ID." = "This website would like to use Touch ID.";
		873
868	/* Informative text for requesting cross-site cookie and website data access. */	874	/* Informative text for requesting cross-site cookie and website data access. */
869	"This will allow “%@” to track your activity." = "This will allow “%@” to track your activity.";	875	"This will allow “%@” to track your activity." = "This will allow “%@” to track your activity.";
870		876
Lines 883-893 a/Source/WebCore/en.lproj/Localizable.strings_sec4
883	/* prompt string in authentication panel */	889	/* prompt string in authentication panel */
884	"To view this page, you must log in to this area on %@:" = "To view this page, you must log in to this area on %@:";	890	"To view this page, you must log in to this area on %@:" = "To view this page, you must log in to this area on %@:";
885		891
886	/* Use Touch ID to sign into this website */	892	/* Use Touch ID to sign in to this website */
887	"Touch ID to sign into this website." = "Touch ID to sign into this website.";	893	"Touch ID to sign in to this website." = "Touch ID to sign in to this website.";
888
889	/* Allow using Touch ID to sign into the specified website on this device */
890	"Touch ID to allow signing into “%@” with Touch ID." = "Touch ID to allow signing into “%@” with Touch ID.";
891		894
892	/* Transformations context sub-menu item */	895	/* Transformations context sub-menu item */
893	"Transformations" = "Transformations";	896	"Transformations" = "Transformations";



#endif

#if ENABLE(WEB_AUTHN)
// On macOS, Touch ID prompt is not guaranteed to show on top of the UI client, and therefore additional
// information is provided to help users to make decisions.
#if PLATFORM(MAC)
String makeCredentialTouchIDPromptTitle(const String& bundleName, const String& domain)
{
    return formatLocalizedString(WEB_UI_CFSTRING("“%@” would like to use Touch ID for “%@”.", "Allow the specified bundle to use Touch ID to sign in to the specified website on this device"), bundleName.createCFString().get(), domain.createCFString().get());
}

String getAssertionTouchIDPromptTitle(const String& bundleName, const String& domain)
{
    return formatLocalizedString(WEB_UI_CFSTRING("“%@” would like to sign in to “%@”.", "Allow the specified bundle to sign in to the specified website"), bundleName.createCFString().get(), domain.createCFString().get());
}
#else
String makeCredentialTouchIDPromptTitle(const String&, const String&)
{
    return WEB_UI_STRING("This website would like to use Touch ID.", "This website would like to use Touch ID");
}

String getAssertionTouchIDPromptTitle(const String&, const String&)
{
    return WEB_UI_STRING("Touch ID to sign in to this website.", "Use Touch ID to sign in to this website");
}
#endif // PLATFORM(MAC)
#endif // ENABLE(WEB_AUTHN)

} // namespace WebCore



#endif

#if ENABLE(WEB_AUTHN)
    WEBCORE_EXPORT String makeCredentialTouchIDPromptTitle(const String& bundleName, const String& domain);
    WEBCORE_EXPORT String getAssertionTouchIDPromptTitle(const String& bundleName, const String& domain);
    WEBCORE_EXPORT String biometricFallbackPromptTitle();
#endif

#if USE(GLIB) && defined(GETTEXT_PACKAGE)

Lines 471-476 UIProcess/WebAuthentication/AuthenticatorManager.cpp a/Source/WebKit/Sources.txt_sec1
- a/Source/WebKit/Sources.txt +1 lines
471	UIProcess/WebAuthentication/AuthenticatorTransportService.cpp	471	UIProcess/WebAuthentication/AuthenticatorTransportService.cpp
472	UIProcess/WebAuthentication/Authenticator.cpp	472	UIProcess/WebAuthentication/Authenticator.cpp
473	UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp	473	UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp
		474	UIProcess/WebAuthentication/WebAuthenticationRequestData.cpp
474		475
475	UIProcess/WebsiteData/WebDeviceOrientationAndMotionAccessController.cpp	476	UIProcess/WebsiteData/WebDeviceOrientationAndMotionAccessController.cpp
476	UIProcess/WebsiteData/WebsiteDataRecord.cpp	477	UIProcess/WebsiteData/WebsiteDataRecord.cpp



    return WTF::get<PublicKeyCredentialRequestOptions>(options).rpId;
}

static ClientDataType getClientDataType(const Variant<PublicKeyCredentialCreationOptions, PublicKeyCredentialRequestOptions>& options)
{
    if (WTF::holds_alternative<PublicKeyCredentialCreationOptions>(options))
        return ClientDataType::Create;
    return ClientDataType::Get;
}

} // namespace

const size_t AuthenticatorManager::maxTransportNumber = 3;




        weakThis->continueMakeCredentialAfterUserVerification(accessControl.get(), verification, context);
    };
    m_connection->verifyUser(creationOptions.rp.id, getClientDataType(requestData().options), accessControlRef, WTFMove(callback));
}

void LocalAuthenticator::continueMakeCredentialAfterUserVerification(SecAccessControlRef accessControlRef, LocalConnection::UserVerification verification, LAContext *context)


        weakThis->continueGetAssertionAfterUserVerification(WTFMove(response), verification, context);
    };
    m_connection->verifyUser(requestOptions.rpId, getClientDataType(requestData().options), accessControlRef, WTFMove(callback));
}

void LocalAuthenticator::continueGetAssertionAfterUserVerification(Ref<WebCore::AuthenticatorAssertionResponse>&& response, LocalConnection::UserVerification verification, LAContext *context)




namespace WebCore {
class AuthenticatorAssertionResponse;
enum class ClientDataType : bool;
}

namespace WebKit {

    using UserVerificationCallback = CompletionHandler<void(UserVerification, LAContext *)>;

    LocalConnection() = default;
    // FIXME(183534): Invalidate the LAContext.
    virtual ~LocalConnection() = default;

    // Overrided by MockLocalConnection.
    virtual void verifyUser(const String& rpId, WebCore::ClientDataType, SecAccessControlRef, UserVerificationCallback&&) const;
    virtual RetainPtr<SecKeyRef> createCredentialPrivateKey(LAContext *, SecAccessControlRef, const String& secAttrLabel, NSData *secAttrApplicationTag) const;
    virtual void getAttestation(SecKeyRef, NSData *authData, NSData *hash, AttestationCallback&&) const;
    virtual void filterResponses(HashSet<Ref<WebCore::AuthenticatorAssertionResponse>>&) const { };



#import <WebCore/LocalizedStrings.h>
#import <wtf/BlockPtr.h>
#import <wtf/RunLoop.h>
#import <wtf/spi/cf/CFBundleSPI.h>

#if USE(APPLE_INTERNAL_SDK)
#import <WebKitAdditions/LocalConnectionAdditions.h>

#import "LocalAuthenticationSoftLink.h"

namespace WebKit {
using namespace WebCore;

namespace {
static String bundleName()
{
    String bundleName;

#if PLATFORM(MAC)
    bundleName = [[NSRunningApplication currentApplication] localizedName];
#endif

    return bundleName;
}
} // namespace

void LocalConnection::verifyUser(const String& rpId, ClientDataType type, SecAccessControlRef accessControl, UserVerificationCallback&& completionHandler) const
{
    String title;
    switch (type) {
    case ClientDataType::Create:
        title = makeCredentialTouchIDPromptTitle(bundleName(), rpId);
        break;
    case ClientDataType::Get:
        title = getAssertionTouchIDPromptTitle(bundleName(), rpId);
        break;
    default:
        ASSERT_NOT_REACHED();
    }

    auto context = adoptNS([allocLAContextInstance() init]);

    auto options = adoptNS([[NSMutableDictionary alloc] init]);
    if ([context biometryType] == LABiometryTypeTouchID) {
        [options setObject:title forKey:@(LAOptionAuthenticationTitle)];
        [options setObject:WebCore::genericTouchIDPromptTitle() forKey:@(LAOptionAuthenticationTitle)];
        ASSERT_UNUSED(rpId, rpId);
#else
        [options setObject:WebCore::makeCredentialTouchIDPromptTitle(rpId) forKey:@(LAOptionAuthenticationTitle)];
#endif
        [options setObject:@NO forKey:@(LAOptionFallbackVisible)];
    }
#if PLATFORM(IOS)
    [options setObject:WebCore::biometricFallbackPromptTitle() forKey:@(LAOptionPasscodeTitle)];
#endif

    auto reply = makeBlockPtr([context, completionHandler = WTFMove(completionHandler)] (NSDictionary *, NSError *error) mutable {
        ASSERT(!RunLoop::isMain());

Lines 37-43 public: a/Source/WebKit/UIProcess/WebAuthentication/Mock/MockLocalConnection.h_sec1
- a/Source/WebKit/UIProcess/WebAuthentication/Mock/MockLocalConnection.h -1 / +1 lines
37	explicit MockLocalConnection(const WebCore::MockWebAuthenticationConfiguration&);	37	explicit MockLocalConnection(const WebCore::MockWebAuthenticationConfiguration&);
38		38
39	private:	39	private:
40	void verifyUser(const String&, SecAccessControlRef, UserVerificationCallback&&) const final;	40	void verifyUser(const String&, WebCore::ClientDataType, SecAccessControlRef, UserVerificationCallback&&) const final;
41	RetainPtr<SecKeyRef> createCredentialPrivateKey(LAContext , SecAccessControlRef, const String& secAttrLabel, NSData secAttrApplicationTag) const final;	41	RetainPtr<SecKeyRef> createCredentialPrivateKey(LAContext , SecAccessControlRef, const String& secAttrLabel, NSData secAttrApplicationTag) const final;
42	void getAttestation(SecKeyRef, NSData authData, NSData hash, AttestationCallback&&) const final;	42	void getAttestation(SecKeyRef, NSData authData, NSData hash, AttestationCallback&&) const final;
43	void filterResponses(HashSet<Ref<WebCore::AuthenticatorAssertionResponse>>&) const final;	43	void filterResponses(HashSet<Ref<WebCore::AuthenticatorAssertionResponse>>&) const final;

Lines 44-50 MockLocalConnection::MockLocalConnection(const WebCore::MockWebAuthenticationCon a/Source/WebKit/UIProcess/WebAuthentication/Mock/MockLocalConnection.mm_sec1
- a/Source/WebKit/UIProcess/WebAuthentication/Mock/MockLocalConnection.mm -1 / +1 lines
44	{	44	{
45	}	45	}
46		46
47	void MockLocalConnection::verifyUser(const String&, SecAccessControlRef, UserVerificationCallback&& callback) const	47	void MockLocalConnection::verifyUser(const String&, WebCore::ClientDataType, SecAccessControlRef, UserVerificationCallback&& callback) const
48	{	48	{
49	// Mock async operations.	49	// Mock async operations.
50	RunLoop::main().dispatch([configuration = m_configuration, callback = WTFMove(callback)]() mutable {	50	RunLoop::main().dispatch([configuration = m_configuration, callback = WTFMove(callback)]() mutable {



/*
 * Copyright (C) 2020 Apple Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
 * THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "config.h"
#include "WebAuthenticationRequestData.h"

#if ENABLE(WEB_AUTHN)

namespace WebKit {
using namespace WebCore;

ClientDataType getClientDataType(const Variant<PublicKeyCredentialCreationOptions, PublicKeyCredentialRequestOptions>& options)
{
    if (WTF::holds_alternative<PublicKeyCredentialCreationOptions>(options))
        return ClientDataType::Create;
    return ClientDataType::Get;
}

} // namespace WebKit

#endif // ENABLE(WEB_AUTHN)

Lines 33-38 a/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticationRequestData.h_sec1
- a/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticationRequestData.h +3 lines
33	#include <WebCore/GlobalFrameIdentifier.h>	33	#include <WebCore/GlobalFrameIdentifier.h>
34	#include <WebCore/PublicKeyCredentialCreationOptions.h>	34	#include <WebCore/PublicKeyCredentialCreationOptions.h>
35	#include <WebCore/PublicKeyCredentialRequestOptions.h>	35	#include <WebCore/PublicKeyCredentialRequestOptions.h>
		36	#include <WebCore/WebAuthenticationConstants.h>
36	#include <wtf/Variant.h>	37	#include <wtf/Variant.h>
37	#include <wtf/Vector.h>	38	#include <wtf/Vector.h>
38	#include <wtf/WeakPtr.h>	39	#include <wtf/WeakPtr.h>
Lines 51-56 struct WebAuthenticationRequestData { a/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticationRequestData.h_sec2
51	WebKit::FrameInfoData frameInfo;	52	WebKit::FrameInfoData frameInfo;
52	};	53	};
53		54
		55	WebCore::ClientDataType getClientDataType(const Variant<WebCore::PublicKeyCredentialCreationOptions, WebCore::PublicKeyCredentialRequestOptions>&);
		56
54	} // namespace WebKit	57	} // namespace WebKit
55		58
56	#endif // ENABLE(WEB_AUTHN)	59	#endif // ENABLE(WEB_AUTHN)

Return to Bug 208703

Lines 1208-1227 String unacceptableTLSCertificate() a/Source/WebCore/platform/LocalizedStrings.cpp_sec1
- a/Source/WebCore/platform/LocalizedStrings.cpp -7 / +16 lines
1208	#endif	1208	#endif
1209		1209
1210	#if ENABLE(WEB_AUTHN)	1210	#if ENABLE(WEB_AUTHN)
1211	String genericTouchIDPromptTitle()	1211	// On macOS, Touch ID prompt is not guaranteed to show on top of the UI client, and therefore additional
		1212	// information is provided to help users to make decisions.
		1213	#if PLATFORM(MAC)
		1214	String makeCredentialTouchIDPromptTitle(const String& bundleName, const String& domain)
1212	{	1215	{
1213	return WEB_UI_STRING("Touch ID to sign into this website.", "Use Touch ID to sign into this website");	1216	return formatLocalizedString(WEB_UI_CFSTRING("“%@” would like to use Touch ID for “%@”.", "Allow the specified bundle to use Touch ID to sign in to the specified website on this device"), bundleName.createCFString().get(), domain.createCFString().get());
1214	}	1217	}
1215		1218
1216	String makeCredentialTouchIDPromptTitle(const String& domain)	1219	String getAssertionTouchIDPromptTitle(const String& bundleName, const String& domain)
1217	{	1220	{
1218	return formatLocalizedString(WEB_UI_CFSTRING("Touch ID to allow signing into “%@” with Touch ID.", "Allow using Touch ID to sign into the specified website on this device"), domain.createCFString().get());	1221	return formatLocalizedString(WEB_UI_CFSTRING("“%@” would like to sign in to “%@”.", "Allow the specified bundle to sign in to the specified website"), bundleName.createCFString().get(), domain.createCFString().get());
		1222	}
		1223	#else
		1224	String makeCredentialTouchIDPromptTitle(const String&, const String&)
		1225	{
		1226	return WEB_UI_STRING("This website would like to use Touch ID.", "This website would like to use Touch ID");
1219	}	1227	}
1220		1228
1221	String biometricFallbackPromptTitle()	1229	String getAssertionTouchIDPromptTitle(const String&, const String&)
1222	{	1230	{
1223	return WEB_UI_STRING("Enter passcode to sign into this website.", "Use passcode as a fallback to sign into this website");	1231	return WEB_UI_STRING("Touch ID to sign in to this website.", "Use Touch ID to sign in to this website");
1224	}	1232	}
1225	#endif	1233	#endif // PLATFORM(MAC)
		1234	#endif // ENABLE(WEB_AUTHN)
1226		1235
1227	} // namespace WebCore	1236	} // namespace WebCore

Lines 340-348 namespace WebCore { a/Source/WebCore/platform/LocalizedStrings.h_sec1
- a/Source/WebCore/platform/LocalizedStrings.h -3 / +2 lines
340	#endif	340	#endif
341		341
342	#if ENABLE(WEB_AUTHN)	342	#if ENABLE(WEB_AUTHN)
343	WEBCORE_EXPORT String genericTouchIDPromptTitle();	343	WEBCORE_EXPORT String makeCredentialTouchIDPromptTitle(const String& bundleName, const String& domain);
344	WEBCORE_EXPORT String makeCredentialTouchIDPromptTitle(const String& domain);	344	WEBCORE_EXPORT String getAssertionTouchIDPromptTitle(const String& bundleName, const String& domain);
345	WEBCORE_EXPORT String biometricFallbackPromptTitle();
346	#endif	345	#endif
347		346
348	#if USE(GLIB) && defined(GETTEXT_PACKAGE)	347	#if USE(GLIB) && defined(GETTEXT_PACKAGE)

Lines 143-155 static String getRpId(const Variant<PublicKeyCredentialCreationOptions, PublicKe a/Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp_sec1
- a/Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp -7 lines
143	return WTF::get<PublicKeyCredentialRequestOptions>(options).rpId;	143	return WTF::get<PublicKeyCredentialRequestOptions>(options).rpId;
144	}	144	}
145		145
146	static ClientDataType getClientDataType(const Variant<PublicKeyCredentialCreationOptions, PublicKeyCredentialRequestOptions>& options)
147	{
148	if (WTF::holds_alternative<PublicKeyCredentialCreationOptions>(options))
149	return ClientDataType::Create;
150	return ClientDataType::Get;
151	}
152
153	} // namespace	146	} // namespace
154		147
155	const size_t AuthenticatorManager::maxTransportNumber = 3;	148	const size_t AuthenticatorManager::maxTransportNumber = 3;

Lines 263-269 void LocalAuthenticator::continueMakeCredentialAfterDecidePolicy(LocalAuthentica a/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm_sec1
- a/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm -2 / +2 lines
263		263
264	weakThis->continueMakeCredentialAfterUserVerification(accessControl.get(), verification, context);	264	weakThis->continueMakeCredentialAfterUserVerification(accessControl.get(), verification, context);
265	};	265	};
266	m_connection->verifyUser(creationOptions.rp.id, accessControlRef, WTFMove(callback));	266	m_connection->verifyUser(creationOptions.rp.id, getClientDataType(requestData().options), accessControlRef, WTFMove(callback));
267	}	267	}
268		268
269	void LocalAuthenticator::continueMakeCredentialAfterUserVerification(SecAccessControlRef accessControlRef, LocalConnection::UserVerification verification, LAContext *context)	269	void LocalAuthenticator::continueMakeCredentialAfterUserVerification(SecAccessControlRef accessControlRef, LocalConnection::UserVerification verification, LAContext *context)
Lines 491-497 void LocalAuthenticator::continueGetAssertionAfterResponseSelected(Ref<WebCore:: a/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm_sec2
491		491
492	weakThis->continueGetAssertionAfterUserVerification(WTFMove(response), verification, context);	492	weakThis->continueGetAssertionAfterUserVerification(WTFMove(response), verification, context);
493	};	493	};
494	m_connection->verifyUser(requestOptions.rpId, accessControlRef, WTFMove(callback));	494	m_connection->verifyUser(requestOptions.rpId, getClientDataType(requestData().options), accessControlRef, WTFMove(callback));
495	}	495	}
496		496
497	void LocalAuthenticator::continueGetAssertionAfterUserVerification(Ref<WebCore::AuthenticatorAssertionResponse>&& response, LocalConnection::UserVerification verification, LAContext *context)	497	void LocalAuthenticator::continueGetAssertionAfterUserVerification(Ref<WebCore::AuthenticatorAssertionResponse>&& response, LocalConnection::UserVerification verification, LAContext *context)

Lines 1-3 a/Source/WebCore/ChangeLog_sec1
- a/Source/WebCore/ChangeLog +20 lines
		1	2020-03-16 Jiewen Tan <jiewen_tan@apple.com>
		2
		3	[WebAuthn] Customize a bit more on the macOS LocalAuthentication prompt
		4	https://bugs.webkit.org/show_bug.cgi?id=208703
		5	<rdar://problem/60136974>
		6
		7	Reviewed by NOBODY (OOPS!).
		8
		9	Part 2.
		10
		11	This patch adds a different LocalAuthentication prompt title for getAssertion.
		12	And tunes a bit on the makeCredential string.
		13
		14	Besides that, it also enhances the iOS titles as well.
		15
		16	* en.lproj/Localizable.strings:
		17	* platform/LocalizedStrings.cpp:
		18	(WebCore::getAssertionTouchIDPromptTitle):
		19	* platform/LocalizedStrings.h:
		20
1	2020-03-16 Megan Gardner <megan_gardner@apple.com>	21	2020-03-16 Megan Gardner <megan_gardner@apple.com>
2		22
3	Color Picker crashes on touch	23	Color Picker crashes on touch

Lines 1-3 a/Source/WebKit/ChangeLog_sec1
- a/Source/WebKit/ChangeLog +25 lines
		1	2020-03-16 Jiewen Tan <jiewen_tan@apple.com>
		2
		3	[WebAuthn] Customize a bit more on the macOS LocalAuthentication prompt
		4	https://bugs.webkit.org/show_bug.cgi?id=208703
		5	<rdar://problem/60136974>
		6
		7	Reviewed by NOBODY (OOPS!).
		8
		9	Part 2.
		10
		11	This patch adds a different LocalAuthentication prompt title for getAssertion.
		12	And tunes a bit on the makeCredential string.
		13
		14	Besides that, it also enhances the iOS titles as well.
		15
		16	* UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:
		17	(WebKit::LocalAuthenticator::continueMakeCredentialAfterDecidePolicy):
		18	(WebKit::LocalAuthenticator::continueGetAssertionAfterResponseSelected):
		19	* UIProcess/WebAuthentication/Cocoa/LocalConnection.h:
		20	* UIProcess/WebAuthentication/Cocoa/LocalConnection.mm:
		21	(WebKit::LocalConnection::verifyUser const):
		22	* UIProcess/WebAuthentication/Mock/MockLocalConnection.h:
		23	* UIProcess/WebAuthentication/Mock/MockLocalConnection.mm:
		24	(WebKit::MockLocalConnection::verifyUser const):
		25
1	2020-03-16 Per Arne Vollan <pvollan@apple.com>	26	2020-03-16 Per Arne Vollan <pvollan@apple.com>
2		27
3	[macOS] Accessibility sandbox regressions	28	[macOS] Accessibility sandbox regressions

Lines 37-42 OBJC_CLASS LAContext; a/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalConnection.h_sec1
- a/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalConnection.h -1 / +3 lines
37		37
38	namespace WebCore {	38	namespace WebCore {
39	class AuthenticatorAssertionResponse;	39	class AuthenticatorAssertionResponse;
		40	enum class ClientDataType : bool;
40	}	41	}
41		42
42	namespace WebKit {	43	namespace WebKit {
Lines 59-68 public: a/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalConnection.h_sec2
59	using UserVerificationCallback = CompletionHandler<void(UserVerification, LAContext *)>;	60	using UserVerificationCallback = CompletionHandler<void(UserVerification, LAContext *)>;
60		61
61	LocalConnection() = default;	62	LocalConnection() = default;
		63	// FIXME(183534): Invalidate the LAContext.
62	virtual ~LocalConnection() = default;	64	virtual ~LocalConnection() = default;
63		65
64	// Overrided by MockLocalConnection.	66	// Overrided by MockLocalConnection.
65	virtual void verifyUser(const String& rpId, SecAccessControlRef, UserVerificationCallback&&) const;	67	virtual void verifyUser(const String& rpId, WebCore::ClientDataType, SecAccessControlRef, UserVerificationCallback&&) const;
66	virtual RetainPtr<SecKeyRef> createCredentialPrivateKey(LAContext , SecAccessControlRef, const String& secAttrLabel, NSData secAttrApplicationTag) const;	68	virtual RetainPtr<SecKeyRef> createCredentialPrivateKey(LAContext , SecAccessControlRef, const String& secAttrLabel, NSData secAttrApplicationTag) const;
67	virtual void getAttestation(SecKeyRef, NSData authData, NSData hash, AttestationCallback&&) const;	69	virtual void getAttestation(SecKeyRef, NSData authData, NSData hash, AttestationCallback&&) const;
68	virtual void filterResponses(HashSet<Ref<WebCore::AuthenticatorAssertionResponse>>&) const { };	70	virtual void filterResponses(HashSet<Ref<WebCore::AuthenticatorAssertionResponse>>&) const { };

Lines 31-36 a/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalConnection.mm_sec1
- a/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalConnection.mm -10 / +29 lines
31	#import <WebCore/LocalizedStrings.h>	31	#import <WebCore/LocalizedStrings.h>
32	#import <wtf/BlockPtr.h>	32	#import <wtf/BlockPtr.h>
33	#import <wtf/RunLoop.h>	33	#import <wtf/RunLoop.h>
		34	#import <wtf/spi/cf/CFBundleSPI.h>
34		35
35	#if USE(APPLE_INTERNAL_SDK)	36	#if USE(APPLE_INTERNAL_SDK)
36	#import <WebKitAdditions/LocalConnectionAdditions.h>	37	#import <WebKitAdditions/LocalConnectionAdditions.h>
Lines 39-62 a/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalConnection.mm_sec2
39	#import "LocalAuthenticationSoftLink.h"	40	#import "LocalAuthenticationSoftLink.h"
40		41
41	namespace WebKit {	42	namespace WebKit {
		43	using namespace WebCore;
42		44
43	void LocalConnection::verifyUser(const String& rpId, SecAccessControlRef accessControl, UserVerificationCallback&& completionHandler) const	45	namespace {
		46	static String bundleName()
44	{	47	{
		48	String bundleName;
		49
		50	#if PLATFORM(MAC)
		51	bundleName = [[NSRunningApplication currentApplication] localizedName];
		52	#endif
		53
		54	return bundleName;
		55	}
		56	} // namespace
		57
		58	void LocalConnection::verifyUser(const String& rpId, ClientDataType type, SecAccessControlRef accessControl, UserVerificationCallback&& completionHandler) const
		59	{
		60	String title;
		61	switch (type) {
		62	case ClientDataType::Create:
		63	title = makeCredentialTouchIDPromptTitle(bundleName(), rpId);
		64	break;
		65	case ClientDataType::Get:
		66	title = getAssertionTouchIDPromptTitle(bundleName(), rpId);
		67	break;
		68	default:
		69	ASSERT_NOT_REACHED();
		70	}
		71
45	auto context = adoptNS([allocLAContextInstance() init]);	72	auto context = adoptNS([allocLAContextInstance() init]);
46		73
47	auto options = adoptNS([[NSMutableDictionary alloc] init]);	74	auto options = adoptNS([[NSMutableDictionary alloc] init]);
48	if ([context biometryType] == LABiometryTypeTouchID) {	75	if ([context biometryType] == LABiometryTypeTouchID) {
49	#if PLATFORM(IOS)	76	[options setObject:title forKey:@(LAOptionAuthenticationTitle)];
50	[options setObject:WebCore::genericTouchIDPromptTitle() forKey:@(LAOptionAuthenticationTitle)];
51	ASSERT_UNUSED(rpId, rpId);
52	#else
53	[options setObject:WebCore::makeCredentialTouchIDPromptTitle(rpId) forKey:@(LAOptionAuthenticationTitle)];
54	#endif
55	[options setObject:@NO forKey:@(LAOptionFallbackVisible)];	77	[options setObject:@NO forKey:@(LAOptionFallbackVisible)];
56	}	78	}
57	#if PLATFORM(IOS)
58	[options setObject:WebCore::biometricFallbackPromptTitle() forKey:@(LAOptionPasscodeTitle)];
59	#endif
60		79
61	auto reply = makeBlockPtr([context, completionHandler = WTFMove(completionHandler)] (NSDictionary , NSError error) mutable {	80	auto reply = makeBlockPtr([context, completionHandler = WTFMove(completionHandler)] (NSDictionary , NSError error) mutable {
62	ASSERT(!RunLoop::isMain());	81	ASSERT(!RunLoop::isMain());

Line 0 a/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticationRequestData.cpp_sec1
- a/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticationRequestData.cpp +43 lines
	1	/*
	2	* Copyright (C) 2020 Apple Inc. All rights reserved.
	3	*
	4	* Redistribution and use in source and binary forms, with or without
	5	* modification, are permitted provided that the following conditions
	6	* are met:
	7	* 1. Redistributions of source code must retain the above copyright
	8	* notice, this list of conditions and the following disclaimer.
	9	* 2. Redistributions in binary form must reproduce the above copyright
	10	* notice, this list of conditions and the following disclaimer in the
	11	* documentation and/or other materials provided with the distribution.
	12	*
	13	* THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
	14	* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
	15	* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	16	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
	17	* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
	18	* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	19	* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	20	* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	21	* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	22	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
	23	* THE POSSIBILITY OF SUCH DAMAGE.
	24	*/
	25
	26	#include "config.h"
	27	#include "WebAuthenticationRequestData.h"
	28
	29	#if ENABLE(WEB_AUTHN)
	30
	31	namespace WebKit {
	32	using namespace WebCore;
	33
	34	ClientDataType getClientDataType(const Variant<PublicKeyCredentialCreationOptions, PublicKeyCredentialRequestOptions>& options)
	35	{
	36	if (WTF::holds_alternative<PublicKeyCredentialCreationOptions>(options))
	37	return ClientDataType::Create;
	38	return ClientDataType::Get;
	39	}
	40
	41	} // namespace WebKit
	42
	43	#endif // ENABLE(WEB_AUTHN)